[BreachExchange] Wendy's wants dismissal of shareholders' data breach lawsuit

[Audrey McNeil]

http://legalnewsline.com/stories/511098534-wendy-s-wants-dismissal-of-
shareholders-data-breach-lawsuit

Major fast-food restaurant Wendy’s is asking an Ohio federal judge to
dismiss claims made against it by stockholders following a major data
breach in 2016.

The plaintiffs, who filed suit in U.S. District Court for the Southern
District of Ohio want to hold Wendy’s responsible after some of its
franchise restaurants were hit with cyber-attacks that resulted in a
third-party perpetrator putting malware on point-of-sale (POS) systems to
steal customer’s private information.

Wendy’s has emphasized that “no company-owned restaurants” were compromised.

The plaintiffs took legal action with claims that Wendy’s did not do all it
could to protect the company against vulnerabilities and says it should
have taken more drastic measures to guarantee a cyber-attack would not be
successful.

The plaintiffs added that because Wendy’s didn’t take these measures, they
are now unprotected when it comes to “breach of fiduciary duty, waste of
corporate assets, unjust enrichment, and gross mismanagement.” Wendy’s
pointed out the rarity of a case such as this not getting thrown out in a
motion to dismiss filed March 10.

It went on to breakdown why it should be dismissed.

Wendy’s first asserts in its motion to dismiss that the plaintiffs did not
perform the two most basic but necessary acts to take legal action: making
a demand on the Wendy’s board and convincing the defendant that their
allegations go beyond speculation.

As for making the demand, Wendy’s points out the plaintiffs never made one
and cannot prove that making a demand would have been futile.

Wendy’s added that the plaintiff did not plead an actionable claim for
breach of fiduciary duty. It used Section 102(b)(7) of the Delaware General
Corporation Law and Wendy’s Articles of Corporation as an example of why
the Director Duty of Care claims alone requires dismissal.

It also said the plaintiffs did not demonstrate that Wendy’s acted with
“gross negligence” or a “deliberate disregard of the whole body of
stockholders or actions which are without the bounds of reason” and that
“bad faith” is not enough to hold a strong lawsuit as it is an
"extraordinarily high standard and cannot be met with 'conclusory
allegations of wrongdoing… unsupported by pled facts.'”

As for the plaintiff’s claim of Wendy’s alleged waste, the restaurant said
this only works if “directors irrationally squander or give away corporate
assets.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170330/3afc1ab6/attachment.html>